In Log Center, a developer notes a number of Cross Site Request Forgery (CSRF) log entries. The developer knows that this happens when a CSRF token is either not found or is invalid, and is working to remedy the situation as soon as possible.
Which two courses of action might solve the problem? (Choose two.)
A. Extend the CSRF token validity to avoid timeouts
B. Delete the existing CSRF whitelists in Business Manager
C. Add the token in the ISML template
D. Add csrfProtection.generateToken as a middleware step in the controller
Should be C & D, extending the CSRF token validity to avoid timeouts is not a best practice in this case.